Attestations - Create Or Update At Resource Group
Creates or updates an attestation at resource group scope.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/attestations/{attestationName}?api-version=2022-09-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
attestation
|
path | True |
string |
The name of the attestation. |
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
subscription
|
path | True |
string |
The ID of the target subscription. |
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
properties.policyAssignmentId | True |
string |
The resource ID of the policy assignment that the attestation is setting the state for. |
properties.assessmentDate |
string |
The time the evidence was assessed |
|
properties.comments |
string |
Comments describing why this attestation was created. |
|
properties.complianceState |
The compliance state that should be set on the resource. |
||
properties.evidence |
The evidence supporting the compliance state set in this attestation. |
||
properties.expiresOn |
string |
The time the compliance state should expire. |
|
properties.metadata |
object |
Additional metadata for this attestation |
|
properties.owner |
string |
The person responsible for setting the state of the resource. This value is typically an Azure Active Directory object ID. |
|
properties.policyDefinitionReferenceId |
string |
The policy definition reference ID from a policy set definition that the attestation is setting the state for. If the policy assignment assigns a policy set definition the attestation can choose a definition within the set definition with this property or omit this and set the state for the entire set definition. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
The updated attestation. |
|
201 Created |
The created attestation. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Create attestation at resource group scope
Sample request
PUT https://management.azure.com/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourceGroups/myRg/providers/Microsoft.PolicyInsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e?api-version=2022-09-01
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
"complianceState": "Compliant",
"expiresOn": "2021-06-15T00:00:00Z",
"owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
"comments": "This subscription has passed a security audit.",
"evidence": [
{
"description": "The results of the security audit.",
"sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
}
],
"assessmentDate": "2021-06-10T00:00:00Z",
"metadata": {
"departmentId": "NYC-MARKETING-1"
}
}
}
Sample response
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
"complianceState": "Compliant",
"lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
"expiresOn": "2021-06-15T00:00:00Z",
"owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
"comments": "This subscription has passed a security audit.",
"evidence": [
{
"description": "The results of the security audit.",
"sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
}
],
"assessmentDate": "2021-06-10T00:00:00Z",
"metadata": {
"departmentId": "NYC-MARKETING-1"
},
"provisioningState": "Succeeded"
},
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"createdByType": "User",
"createdAt": "2020-06-15T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-06-15T18:52:27Z"
},
"id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourcegroups/myrg/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"type": "Microsoft.PolicyInsights/attestations"
}
{
"properties": {
"policyAssignmentId": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/providers/microsoft.authorization/policyassignments/b101830944f246d8a14088c5",
"policyDefinitionReferenceId": "0b158b46-ff42-4799-8e39-08a5c23b4551",
"complianceState": "Compliant",
"lastComplianceStateChangeAt": "2020-06-15T18:52:27Z",
"expiresOn": "2021-06-15T00:00:00Z",
"owner": "55a32e28-3aa5-4eea-9b5a-4cd85153b966",
"comments": "This subscription has passed a security audit.",
"evidence": [
{
"description": "The results of the security audit.",
"sourceUri": "https://gist.github.com/contoso/9573e238762c60166c090ae16b814011"
}
],
"assessmentDate": "2021-06-10T00:00:00Z",
"metadata": {
"departmentId": "NYC-MARKETING-1"
},
"provisioningState": "Succeeded"
},
"systemData": {
"createdBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"createdByType": "User",
"createdAt": "2020-06-15T18:52:27Z",
"lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef6",
"lastModifiedByType": "User",
"lastModifiedAt": "2020-06-15T18:52:27Z"
},
"id": "/subscriptions/35ee058e-5fa0-414c-8145-3ebb8d09b6e2/resourcegroups/myrg/providers/microsoft.policyinsights/attestations/790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"name": "790996e6-9871-4b1f-9cd9-ec42cd6ced1e",
"type": "Microsoft.PolicyInsights/attestations"
}
Definitions
Name | Description |
---|---|
Attestation |
An attestation resource. |
Attestation |
A piece of evidence supporting the compliance state set in the attestation. |
Compliance |
The compliance state that should be set on the resource. |
created |
The type of identity that created the resource. |
Error |
Error definition. |
Error |
Error response. |
system |
Metadata pertaining to creation and last modification of the resource. |
Typed |
Scenario specific error details. |
Attestation
An attestation resource.
Name | Type | Description |
---|---|---|
id |
string |
Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
name |
string |
The name of the resource |
properties.assessmentDate |
string |
The time the evidence was assessed |
properties.comments |
string |
Comments describing why this attestation was created. |
properties.complianceState |
The compliance state that should be set on the resource. |
|
properties.evidence |
The evidence supporting the compliance state set in this attestation. |
|
properties.expiresOn |
string |
The time the compliance state should expire. |
properties.lastComplianceStateChangeAt |
string |
The time the compliance state was last changed in this attestation. |
properties.metadata |
object |
Additional metadata for this attestation |
properties.owner |
string |
The person responsible for setting the state of the resource. This value is typically an Azure Active Directory object ID. |
properties.policyAssignmentId |
string |
The resource ID of the policy assignment that the attestation is setting the state for. |
properties.policyDefinitionReferenceId |
string |
The policy definition reference ID from a policy set definition that the attestation is setting the state for. If the policy assignment assigns a policy set definition the attestation can choose a definition within the set definition with this property or omit this and set the state for the entire set definition. |
properties.provisioningState |
string |
The status of the attestation. |
systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
AttestationEvidence
A piece of evidence supporting the compliance state set in the attestation.
Name | Type | Description |
---|---|---|
description |
string |
The description for this piece of evidence. |
sourceUri |
string |
The URI location of the evidence. |
ComplianceState
The compliance state that should be set on the resource.
Name | Type | Description |
---|---|---|
Compliant |
string |
The resource is in compliance with the policy. |
NonCompliant |
string |
The resource is not in compliance with the policy. |
Unknown |
string |
The compliance state of the resource is not known. |
createdByType
The type of identity that created the resource.
Name | Type | Description |
---|---|---|
Application |
string |
|
Key |
string |
|
ManagedIdentity |
string |
|
User |
string |
ErrorDefinition
Error definition.
Name | Type | Description |
---|---|---|
additionalInfo |
Additional scenario specific error details. |
|
code |
string |
Service specific error code which serves as the substatus for the HTTP error code. |
details |
Internal error details. |
|
message |
string |
Description of the error. |
target |
string |
The target of the error. |
ErrorResponse
Error response.
Name | Type | Description |
---|---|---|
error |
The error details. |
systemData
Metadata pertaining to creation and last modification of the resource.
Name | Type | Description |
---|---|---|
createdAt |
string |
The timestamp of resource creation (UTC). |
createdBy |
string |
The identity that created the resource. |
createdByType |
The type of identity that created the resource. |
|
lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
lastModifiedBy |
string |
The identity that last modified the resource. |
lastModifiedByType |
The type of identity that last modified the resource. |
TypedErrorInfo
Scenario specific error details.
Name | Type | Description |
---|---|---|
info |
|
The scenario specific error details. |
type |
string |
The type of included error details. |